US20040225889A1 - Authentication protocol with memory integrity verification - Google Patents

Authentication protocol with memory integrity verification Download PDF

Info

Publication number
US20040225889A1
US20040225889A1 US10/489,154 US48915404A US2004225889A1 US 20040225889 A1 US20040225889 A1 US 20040225889A1 US 48915404 A US48915404 A US 48915404A US 2004225889 A1 US2004225889 A1 US 2004225889A1
Authority
US
United States
Prior art keywords
private
integrated circuit
signature
memory
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US10/489,154
Other versions
US7886163B2 (en
Inventor
Luc Wuidart
Pierre Balthazar
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STMicroelectronics SA
Original Assignee
STMicroelectronics SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STMicroelectronics SA filed Critical STMicroelectronics SA
Assigned to STMICROELECTRONICS S.A. reassignment STMICROELECTRONICS S.A. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BALTHAZAR, PIERRE, WUIDART, LUC
Publication of US20040225889A1 publication Critical patent/US20040225889A1/en
Application granted granted Critical
Publication of US7886163B2 publication Critical patent/US7886163B2/en
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present invention relates to the authentication of an integrated circuit or of an electronic device containing such a circuit, by means of an authentication method using a private or secret datum or quantity contained in the integrated circuit.
  • the present invention more specifically relates to authentication methods based on the use of a secret datum (also called a private key or datum) by means of an external device.
  • a secret datum also called a private key or datum
  • An example of application of the present invention is the field of smart cards, be they of prepaid count unit type or not.
  • the various methods of authentication of a smart card or the like aim at avoiding the piracy or the falsification of a card, either by use of a discrete device reproducing the card or by piracy of a read terminal, or by large-scale reproduction of falsified smart cards.
  • the authentication methods with the highest performances use a private quantity present in the integrated circuit to be authenticated and a so-called public quantity or key, depending on this private quantity and stored in an external device (generally separate from the smart card read device).
  • the private quantity is indirectly involved each time the integrated circuit requires authentication, without any “knowledge transfer”.
  • the authentication occurs according to a protocol which, in a proved manner and under hypotheses recognized as being perfectly reasonable by the scientific community, reveals nothing of the secret key or private quantity of the entity, the signature of which must be authenticated. Examples of known authentication methods to which the present invention applies are described in French patent application no. 2716058 and in U.S. Pat. No. 4,995,082.
  • Such methods do not send the private quantity itself, but a calculation result taking this private quantity into account, a number which is a function of a random number chosen by the integrated circuit and communicated to the external device, and a random number chosen by the external device and communicated to the card. The result is then checked by the external device to authenticate the card. This checking further uses public keys which are most often certified by another device (generally called the “trusted third party”).
  • said chip calculates a public key that it transmits, with its identifier, to a “trusted third party”.
  • the latter calculates a certificate that it sends back to the chip, which stores it.
  • the chip communicates its identifier and the certificate to the reader. The reader recalculates the public key of the chip based on these two values and a public key of the “trusted third party”.
  • Another disadvantage of conventional authentication methods is linked to the use of a private datum, which is further indispensable to make out or differentiate electronic devices or sub-assemblies, for example, smart cards, from one another.
  • the disadvantage precisely is that this quantity is a datum stored in the component to be identified.
  • Such a quantity is accordingly capable of being pirated by examination of the storage element (for example, the registers or the like) of the smart card in which the quantity is stored.
  • the private quantity generally is immutable for a given smart card, to enable repeated authentication thereof. This results in a weakness of the authentication function.
  • the present invention aims at improving integrated circuit authentication methods and systems or the like.
  • the present invention more specifically aims at improving or optimizing the anti-fraud security of electronic devices using an integrated circuit provided with program and/or data storage elements.
  • the present invention also aims at detecting and preventing any modification of private quantities of an integrated circuit.
  • the present invention provides a method for providing a private quantity in an integrated circuit taking part in an authentication procedure by means of an external device taking into account this private datum, which is a function of a signature of at least one memory associated with the integrated circuit, to check the integrity of this memory.
  • the signature depends on the content of a program memory of the integrated circuit.
  • the signature depends on the content of a non-volatile memory of the integrated circuit.
  • the private quantity is a combination of a first quantity representing said signature of the memories and of a second quantity obtained, at least partially, from a physical parameter network.
  • the physical parameter network is programmed, at least partially, by a word provided by a storage element.
  • the authentication procedure is of symmetrical type, sharing a key with no transmission thereof.
  • the authentication method is of a type with public and private keys.
  • the present invention also provides a method for authenticating an electronic device by means of an external device taking a private quantity of the electronic device into account.
  • the present invention also provides an integrated circuit including a cell for extracting a private quantity and means for calculating a signature of at least one memory, contained in the integrated circuit or associated therewith, to check the memory integrity.
  • the circuit includes means for providing a private quantity.
  • FIG. 1 illustrates in a flowchart an integrated circuit authentication method involving a private quantity, to which the present invention applies;
  • FIG. 2 very schematically shows in the form of block diagrams a first embodiment of a circuit for extracting a private quantity according to the present invention.
  • FIG. 3 very schematically shows in the form of block diagrams a second preferred embodiment of a circuit for extracting a private quantity according to the present invention.
  • a feature of the present invention is to take into account, in the authentication method, a signature of the content of at least one of the storage elements of the integrated circuit. More specifically, the present invention provides that the private quantity of the chip is a function of a signature of its memory or memories. “Signature” means a binary word representative of the very content of one or several memories of the integrated circuit.
  • FIG. 1 shows a simplified flowchart illustrating an implementation mode of an authentication procedure of the type to which the present invention applies.
  • This example concerns the authentication of a smart card by an external device.
  • the steps of the authentication procedure occurring on the side of card C, or on the side of reader R, have been enhanced, on either side of dotted lines P.
  • An authentication phase of course follows the introduction of a card into the reader, the sending of an identifier by the card to the reader, then to a central station, its checking by the central station, then the extraction by this central station of a public quantity or key v based on the identifier communicated by the card.
  • This public key most often comes from a key table and is communicated by the central station to the reader.
  • Such a procedure is characteristic of so-called zero-knowledge authentication methods or authentication methods with intervention of a trusted third party.
  • a number r is first randomly drawn (block 10 ), on the side of card C.
  • Number r is stored (block 11 , MEM(r)) in the card integrated circuit.
  • a first algorithm ALGO 1 providing a result X is applied (block 12 ) to this number r.
  • Result X is transmitted to reader R, which stores it (block 13 , MEM(X)).
  • a random number e is drawn (block 14 ) and stored (block 15 , MEM(e)). Number e is sent to card C, which itself stores it (block 16 , MEM(e)).
  • the card then extracts its private datum s (block 17 ).
  • the present invention intervenes at this step, in that private quantity s is a function at least of one signature of the content of the card memories.
  • Private datum s is taken into account in a second algorithm ALGO 2 (block 18 ) with data r and e to provide a result Y.
  • number r is deleted after having been used to calculate number Y and before the sending thereof.
  • Result Y is sent to reader R, which checks (block 19 ) by means of a third algorithm ALGO 3 that variable X is equal to the application of this algorithm to variables Y, e, and v.
  • Public key v of course is a function of private datum or key s of the card.
  • the reader provides an indicator of an authentication (T) or of no authentication (F) to the card (block 20 ). The authentication procedure is then over.
  • step 17 An authentication method such as described in FIG. 1 is known, except for the content of step 17 where the present invention intervenes so that private quantity s takes into account at least the signature of at least one memory, contained in the integrated circuit or associated therewith.
  • public key v may be calculated by the reader or the central station based on the card identifier or on a datum transmitted by said card.
  • the reader may contain a database of the public keys of the cards that it is supposed to be able to read.
  • FIG. 2 partially and schematically shows a first embodiment of a cell 1 for extracting a private quantity s in an integrated circuit according to the present invention.
  • Cell 1 of course receives control signals not shown, especially triggering the extraction of quantity s, provided on a single output terminal of cell 1 .
  • word s representing the private quantity is temporarily stored (at each request for extraction) in a register 2 .
  • quantity s is the result of a combination (by any function) illustrated by block 3 (COMB) of a secret quantity s 0 and of a signature SIGN of the content of the integrated circuit memories.
  • Quantity s 0 is, at least temporarily, stored in a register 4 while signature SIGN is, at least temporarily, stored in a register 5 .
  • the outputs of registers 4 and 5 are sent to combiner 3 which provides quantity s to register 2 .
  • the signature stored in register 5 is a function of the content of at least one memory of the integrated circuit.
  • these memories of which a signature representative of the content can be taken into account, alone or combined, to form signature word SIGN, one finds:
  • a memory 10 containing the processing programs of the integrated circuit (for example, of the smart card) and especially the program linked to the authentication method;
  • a read-only memory of EEPROM type 11 which contains, among others, the chip identifier
  • register or memory 4 containing secret quantity s 0 ;
  • any other storage element symbolized by an access link 12 containing data or programs immutable along the integrated circuit lifetime.
  • Immutable means that these data or program(s) will, by a signature calculation, always provide the same result if they are authentic.
  • An advantage of the present invention is that it enables, without requiring a specific authentication procedure, checking the integrity of data and/or programs which are not used in the authentication.
  • Another advantage of the present invention is that this integrity control is not performed by the integrated circuit chip, but is performed by the reader or external device. Indeed, since the signature is incorporated in the private quantity, the reader is in charge of checking whether the quantity (Y, FIG. 1) that it receives from the chip is conformal to the public key which has been transmitted thereto. Now, quantity Y depends on private quantity s.
  • the signature (content of register 5 ) which is a function of the different memories may be obtained with any operating method, provided that it provides a word of the chosen size.
  • it may be a checksum-type function or a chopping function (for example, a function known as the SHA function and described in work “Applied Cryptography” by Bruce Schneier, published in 1996 (second edition by Wiley), pages 442 to 445).
  • the calculation of signature SIGN is, for example, performed by a block 7 (CAL) receiving signals from the different memories to be taken into account to calculate binary word SIGN.
  • the function performed by block 7 may be any combination, expansion, arithmetic operation, alone or combined.
  • the signature calculation function may be any “free collision” function, that is, for which a modification of an input bit is enough to modify the output.
  • the representation of the drawings is functional. In practice, a central control unit will preferentially be used to trigger and clock the readings and calculations.
  • An advantage of the present invention is that its implementation requires no modification of conventional authentication methods, provided that the extraction of quantity s, made according to the present invention, provides a quantity of expected length or which is compatible with the authentication method and/or circuit exploiting it.
  • Another advantage of the present invention is that the authenticity test performing by taking the memory signature into account provides no indication of the nature of a possible defect. This makes the detection of the private quantity by a possible pirate even more difficult.
  • Another advantage of the present invention is that the memories (especially the program memory) may now be, without risking being attacked by modification of their contents, placed outside of the integrated circuit provided that the sole reading of the data reveals nothing to the pirate. Indeed, a pirate will then be unable to take advantage of this externalization since any modification will be detected by the signature.
  • FIG. 3 shows a second embodiment of a cell 1 ′ for extracting a private quantity s from an integrated circuit according to the present invention.
  • Cell 1 ′ here includes physical parameter network 20 (PPN) linked to the integrated circuit manufacturing.
  • Physical parameter network 20 provides a large number of signals which take part in the generation of private quantity s 0 according to the present invention.
  • Any physical parameter network including, for example, of measuring electric parameters may be used. It may be, for example, a measurement of a threshold voltage of a transistor, a measurement of a resistance or a measurement of a stray capacitance, a measurement of the current generated by a current source, a measurement of a time constant (for example, an RC circuit), a measurement of an oscillation frequency, etc. Since these features are sensitive to technological and manufacturing process dispersions, it can be considered that the electric parameters taken into account are specific to a manufacturing and form a signature of the integrated circuits resulting from this manufacturing.
  • the signals coming from network 20 are converted into digital signals by means of an analog-to-digital converter 21 (ADC) and may be multiplexed by a multiplexer 22 (MUX) to form a binary word SP 1 , stored in a register 23 .
  • ADC analog-to-digital converter
  • MUX multiplexer 22
  • Word SP 1 is thus sensitive to technological and manufacturing process dispersions and represents the hardware signature of the chip.
  • Converter 21 and multiplexer 22 have been shown in dotted lines since they are optional elements. In particular, converter 21 may be omitted in an embodiment of the physical parameter network directly providing a digital word.
  • the electrical parameters measured by means of network 20 are not always the same.
  • Said network then is programmable. It is parameterized or configured upon each measurement based on a binary word MP, stored in a register 24 .
  • Word MP is specific to the integrated circuit chip and may be individualized from one card to another.
  • the measurement of the physical parameters is started by a signal MES coming from a control unit 25 (CU) of cell 1 ′.
  • Word SP 1 is provided to a combiner 26 (SC) also receiving a binary word SP 2 stored in a register 27 .
  • the function of circuit 26 is to combine words SP 1 and SP 2 to provide secret quantity s 0 , stored in register 4 .
  • the combination performed by combiner 26 may be of the following type:
  • s ((SP 1 ⁇ SP 2 )2+(SP 1 +SP 2 )2)2 modulo q, where q is a prime number over k bits.
  • Number s 0 then is a k-bit word obtained from words SP 1 and SP 2 respectively over k 1 and k 2 bits.
  • numbers k 1 and k 2 of bits of words SP 1 and SP 2 are equal. This enables maintaining the same difficulty for a possible pirate in the case where a portion SP 1 or SP 2 of word s 0 should be discovered.
  • number SP 2 is different from one card to another.
  • Combiner 26 guarantees the size of datum s 0 and a non-zero value.
  • the use of a quantity SP 2 specific to the card guarantees that private key s 0 is unique, whatever datum MP provided to physical parameter network 20 for configuration.
  • a physical parameter network is conventional and is no object of the present invention. It may be, for example, a network of resistances and/or of switchable capacitors associated in parallel and/or in series, the switches being controlled according to configuration signals MP arriving on network 20 . Circuits using a time measurement may also be used. For example, the read/write time of an EEPROM-type memory is measured.
  • An example of a physical parameter network of this type is described in U.S. Pat. No. 5,818,738.
  • Cell 1 ′ also includes, like cell 1 of FIG. 2, a combiner 3 of quantity s 0 with a signature SIGN contained in register 5 .
  • Signature SIGN is calculated by block 7 (CAL).
  • FIG. 3 shows the taking into account of the content of memories external to cell 1 ′. However, the content of register 4 containing quantity s 0 may, here again, be taken into account in the signature.
  • cell 1 ′ further includes a reset circuit 28 (RES, reset or set) of some of its registers.
  • Circuit 28 especially has the function of making the presence of quantities s and s 0 in registers 2 and 4 temporary.
  • circuit 28 controls the resetting not only of registers 4 and 2 , but also of register 23 containing quantity SP 1 extracted from network 20 and of register 5 containing signature SIGN of the memories. In other words, the lifetime of private quantity s and/of its components is set from its generation.
  • An advantage of the present invention is that by combining the use of a physical parameter network and/of a signature of the memories to condition at least part of the private quantity, with the use of a temporized reset of the storage elements storing this private quantity, a possible pirate is prevented from discovering the private quantity of the card, for example, by visual examination.
  • Circuit 28 is, for example, controlled by a clock CLK triggered by control unit 25 upon arrival of a signal St for triggering the extraction of private quantity s.
  • said code may be stored, in a direct or modified manner, in register 27 to form code SP 2 .
  • circuit 28 may also reset register 27 to prevent the permanent presence of code SP 2 on the card.
  • SCHNORR protocol described, for example, in above-mentioned work “Applied Cryptography”, pages 510 to 512, or in document U.S. Pat. No. 4,995,082 may be used.
  • storage registers which may be replaced with any adapted storage element, for example, memories or memory portions, volatile or not according to the type of stored data. Further, the writing into and the reading from these storage elements may be series or parallel.

Abstract

The invention relates to a method of supplying a private quantity (s) in an integrated circuit involved in an authentication procedure by means of an external device that takes said private quantity into account. In order to verify the integrity of said memory element, the private quantity is a function of a signature (SIGN) of at least one memory element (4, 10, 11, 12) associated with the integrated circuit.

Description

  • The present invention relates to the authentication of an integrated circuit or of an electronic device containing such a circuit, by means of an authentication method using a private or secret datum or quantity contained in the integrated circuit. [0001]
  • The present invention more specifically relates to authentication methods based on the use of a secret datum (also called a private key or datum) by means of an external device. An example of application of the present invention is the field of smart cards, be they of prepaid count unit type or not. [0002]
  • The various methods of authentication of a smart card or the like aim at avoiding the piracy or the falsification of a card, either by use of a discrete device reproducing the card or by piracy of a read terminal, or by large-scale reproduction of falsified smart cards. [0003]
  • The authentication methods with the highest performances use a private quantity present in the integrated circuit to be authenticated and a so-called public quantity or key, depending on this private quantity and stored in an external device (generally separate from the smart card read device). The private quantity is indirectly involved each time the integrated circuit requires authentication, without any “knowledge transfer”. In such so-called “zero-knowledge” methods, the authentication occurs according to a protocol which, in a proved manner and under hypotheses recognized as being perfectly reasonable by the scientific community, reveals nothing of the secret key or private quantity of the entity, the signature of which must be authenticated. Examples of known authentication methods to which the present invention applies are described in French patent application no. 2716058 and in U.S. Pat. No. 4,995,082. [0004]
  • Such methods do not send the private quantity itself, but a calculation result taking this private quantity into account, a number which is a function of a random number chosen by the integrated circuit and communicated to the external device, and a random number chosen by the external device and communicated to the card. The result is then checked by the external device to authenticate the card. This checking further uses public keys which are most often certified by another device (generally called the “trusted third party”). In a chip personalization phase, said chip calculates a public key that it transmits, with its identifier, to a “trusted third party”. The latter calculates a certificate that it sends back to the chip, which stores it. In use, the chip communicates its identifier and the certificate to the reader. The reader recalculates the public key of the chip based on these two values and a public key of the “trusted third party”. [0005]
  • Although high-performance methods hide the private quantity during transfers, they are powerless against piracies inside of the integrated circuit. [0006]
  • In particular, conventional authentication methods and systems do not protect the data contained in the storage elements of the chip card or the like. These data may be formed of processing programs (including the program necessary to the execution of the authentication method) or of various data. Among the data stored, for example, in EEPROM-type memories, is in particular the certified public key of the “trusted third party” enabling the reader to recalculate the public keys of the chips. [0007]
  • The fact that the data and programs are not protected is a breach in the security of smart card systems. This weakness is further increased by the fact that the authentication is performed by the card itself, and thus based on its programs and on the accessible elements of its memory. [0008]
  • Another disadvantage of conventional authentication methods is linked to the use of a private datum, which is further indispensable to make out or differentiate electronic devices or sub-assemblies, for example, smart cards, from one another. The disadvantage precisely is that this quantity is a datum stored in the component to be identified. Such a quantity is accordingly capable of being pirated by examination of the storage element (for example, the registers or the like) of the smart card in which the quantity is stored. Further, the private quantity generally is immutable for a given smart card, to enable repeated authentication thereof. This results in a weakness of the authentication function. [0009]
  • The present invention aims at improving integrated circuit authentication methods and systems or the like. [0010]
  • The present invention more specifically aims at improving or optimizing the anti-fraud security of electronic devices using an integrated circuit provided with program and/or data storage elements. [0011]
  • The present invention also aims at detecting and preventing any modification of private quantities of an integrated circuit. [0012]
  • To achieve these and other objects, the present invention provides a method for providing a private quantity in an integrated circuit taking part in an authentication procedure by means of an external device taking into account this private datum, which is a function of a signature of at least one memory associated with the integrated circuit, to check the integrity of this memory. [0013]
  • According to an embodiment of the present invention, the signature depends on the content of a program memory of the integrated circuit. [0014]
  • According to an embodiment of the present invention, the signature depends on the content of a non-volatile memory of the integrated circuit. [0015]
  • According to an embodiment of the present invention, the private quantity is a combination of a first quantity representing said signature of the memories and of a second quantity obtained, at least partially, from a physical parameter network. [0016]
  • According to an embodiment of the present invention, the physical parameter network is programmed, at least partially, by a word provided by a storage element. [0017]
  • According to an embodiment of the present invention, the authentication procedure is of symmetrical type, sharing a key with no transmission thereof. [0018]
  • According to an embodiment of the present invention, the authentication method is of a type with public and private keys. [0019]
  • The present invention also provides a method for authenticating an electronic device by means of an external device taking a private quantity of the electronic device into account. [0020]
  • The present invention also provides an integrated circuit including a cell for extracting a private quantity and means for calculating a signature of at least one memory, contained in the integrated circuit or associated therewith, to check the memory integrity. [0021]
  • According to an embodiment of the present invention, the circuit includes means for providing a private quantity. [0022]
  • The foregoing objects, features and advantages of the present invention, will be discussed in detail in the following non-limiting description of specific embodiments in connection with the accompanying drawings, in which: [0023]
  • FIG. 1 illustrates in a flowchart an integrated circuit authentication method involving a private quantity, to which the present invention applies; [0024]
  • FIG. 2 very schematically shows in the form of block diagrams a first embodiment of a circuit for extracting a private quantity according to the present invention; and [0025]
  • FIG. 3 very schematically shows in the form of block diagrams a second preferred embodiment of a circuit for extracting a private quantity according to the present invention.[0026]
  • For clarity, only those method steps and those elements of the circuit that are necessary to the understanding of the present invention have been shown in the drawings and will be described hereafter. In particular, the authentication methods and the algorithms using private quantities are perfectly well known and will not be detailed, except as concerns the provision of the private quantity which is the object of the present invention. [0027]
  • A feature of the present invention is to take into account, in the authentication method, a signature of the content of at least one of the storage elements of the integrated circuit. More specifically, the present invention provides that the private quantity of the chip is a function of a signature of its memory or memories. “Signature” means a binary word representative of the very content of one or several memories of the integrated circuit. [0028]
  • FIG. 1 shows a simplified flowchart illustrating an implementation mode of an authentication procedure of the type to which the present invention applies. This example concerns the authentication of a smart card by an external device. In FIG. 1, the steps of the authentication procedure occurring on the side of card C, or on the side of reader R, have been enhanced, on either side of dotted lines P. [0029]
  • An authentication phase of course follows the introduction of a card into the reader, the sending of an identifier by the card to the reader, then to a central station, its checking by the central station, then the extraction by this central station of a public quantity or key v based on the identifier communicated by the card. This public key most often comes from a key table and is communicated by the central station to the reader. Such a procedure is characteristic of so-called zero-knowledge authentication methods or authentication methods with intervention of a trusted third party. [0030]
  • For the actual authentication phase, a number r is first randomly drawn (block [0031] 10), on the side of card C. Number r is stored (block 11, MEM(r)) in the card integrated circuit. Then, a first algorithm ALGO1 providing a result X is applied (block 12) to this number r. Result X is transmitted to reader R, which stores it (block 13, MEM(X)). On the reader side, a random number e is drawn (block 14) and stored (block 15, MEM(e)). Number e is sent to card C, which itself stores it (block 16, MEM(e)).
  • The card then extracts its private datum s (block [0032] 17). The present invention intervenes at this step, in that private quantity s is a function at least of one signature of the content of the card memories. Private datum s is taken into account in a second algorithm ALGO2 (block 18) with data r and e to provide a result Y. Preferably, number r is deleted after having been used to calculate number Y and before the sending thereof. Result Y is sent to reader R, which checks (block 19) by means of a third algorithm ALGO3 that variable X is equal to the application of this algorithm to variables Y, e, and v. Public key v of course is a function of private datum or key s of the card. According to the result of coherence test 19, the reader provides an indicator of an authentication (T) or of no authentication (F) to the card (block 20). The authentication procedure is then over.
  • An authentication method such as described in FIG. 1 is known, except for the content of [0033] step 17 where the present invention intervenes so that private quantity s takes into account at least the signature of at least one memory, contained in the integrated circuit or associated therewith.
  • According to a specific example of embodiment, the different variables are linked together by the following algorithms and relations: [0034]
  • public key v and private key s are linked by relation v=g−s modulo n, where g represents a cyclic group generator and n an integer; [0035]
  • first algorithm ALGO[0036] 1 is X=gr modulo n;
  • second algorithm ALGO[0037] 2 is Y=r+e.s; and
  • third algorithm ALGO[0038] 3 is X=gY.ve modulo n.
  • It should be noted that various algorithms are known in the art and may be implemented in using the method of the present invention. For example, public key v may be calculated by the reader or the central station based on the card identifier or on a datum transmitted by said card. According to another alternative, the reader may contain a database of the public keys of the cards that it is supposed to be able to read. [0039]
  • FIG. 2 partially and schematically shows a first embodiment of a [0040] cell 1 for extracting a private quantity s in an integrated circuit according to the present invention.
  • [0041] Cell 1 of course receives control signals not shown, especially triggering the extraction of quantity s, provided on a single output terminal of cell 1. Inside of cell 1, word s representing the private quantity is temporarily stored (at each request for extraction) in a register 2.
  • According to the present invention, quantity s is the result of a combination (by any function) illustrated by block [0042] 3 (COMB) of a secret quantity s0 and of a signature SIGN of the content of the integrated circuit memories. Quantity s0 is, at least temporarily, stored in a register 4 while signature SIGN is, at least temporarily, stored in a register 5. The outputs of registers 4 and 5 are sent to combiner 3 which provides quantity s to register 2.
  • The signature stored in [0043] register 5 is a function of the content of at least one memory of the integrated circuit. Among these memories of which a signature representative of the content can be taken into account, alone or combined, to form signature word SIGN, one finds:
  • a memory [0044] 10 (ROM) containing the processing programs of the integrated circuit (for example, of the smart card) and especially the program linked to the authentication method;
  • a read-only memory of [0045] EEPROM type 11, which contains, among others, the chip identifier;
  • register or [0046] memory 4 containing secret quantity s0; and
  • any other storage element (symbolized by an access link [0047] 12) containing data or programs immutable along the integrated circuit lifetime. Immutable means that these data or program(s) will, by a signature calculation, always provide the same result if they are authentic.
  • An advantage of the present invention is that it enables, without requiring a specific authentication procedure, checking the integrity of data and/or programs which are not used in the authentication. [0048]
  • Another advantage of the present invention is that this integrity control is not performed by the integrated circuit chip, but is performed by the reader or external device. Indeed, since the signature is incorporated in the private quantity, the reader is in charge of checking whether the quantity (Y, FIG. 1) that it receives from the chip is conformal to the public key which has been transmitted thereto. Now, quantity Y depends on private quantity s. [0049]
  • It should be noted that the public key has been certified by the “trusted third party” in the chip personalization phase, and thus at a time when the integrity does not risk being challenged. [0050]
  • The fact of using a control by the reader makes a possible piracy even more difficult. [0051]
  • In particular, it could have been devised to check the signature of a file or of a memory with respect to the reference signature contained either in a memory of the chip or in the reader. A disadvantage would then be, for the first case, that the data to be contained by the memory have to be known upon manufacturing (to be included in the integrated circuit chip manufacturing masks). Further, this solution leads to a checking on the smart card side, which is less reliable. For the second solution, this requires for the reader to have a table with all possible signatures of the cards that it can receive, which in practice results in obvious memory capacity problems on the reader side. [0052]
  • The signature (content of register [0053] 5) which is a function of the different memories may be obtained with any operating method, provided that it provides a word of the chosen size. For example, it may be a checksum-type function or a chopping function (for example, a function known as the SHA function and described in work “Applied Cryptography” by Bruce Schneier, published in 1996 (second edition by Wiley), pages 442 to 445). The calculation of signature SIGN is, for example, performed by a block 7 (CAL) receiving signals from the different memories to be taken into account to calculate binary word SIGN. The function performed by block 7 may be any combination, expansion, arithmetic operation, alone or combined. More generally, the signature calculation function may be any “free collision” function, that is, for which a modification of an input bit is enough to modify the output. The representation of the drawings is functional. In practice, a central control unit will preferentially be used to trigger and clock the readings and calculations.
  • An advantage of the present invention is that its implementation requires no modification of conventional authentication methods, provided that the extraction of quantity s, made according to the present invention, provides a quantity of expected length or which is compatible with the authentication method and/or circuit exploiting it. [0054]
  • Another advantage of the present invention is that the authenticity test performing by taking the memory signature into account provides no indication of the nature of a possible defect. This makes the detection of the private quantity by a possible pirate even more difficult. [0055]
  • Another advantage of the present invention is that the memories (especially the program memory) may now be, without risking being attacked by modification of their contents, placed outside of the integrated circuit provided that the sole reading of the data reveals nothing to the pirate. Indeed, a pirate will then be unable to take advantage of this externalization since any modification will be detected by the signature. [0056]
  • FIG. 3 shows a second embodiment of a [0057] cell 1′ for extracting a private quantity s from an integrated circuit according to the present invention. Cell 1′ here includes physical parameter network 20 (PPN) linked to the integrated circuit manufacturing. Physical parameter network 20 provides a large number of signals which take part in the generation of private quantity s0 according to the present invention.
  • Any physical parameter network including, for example, of measuring electric parameters may be used. It may be, for example, a measurement of a threshold voltage of a transistor, a measurement of a resistance or a measurement of a stray capacitance, a measurement of the current generated by a current source, a measurement of a time constant (for example, an RC circuit), a measurement of an oscillation frequency, etc. Since these features are sensitive to technological and manufacturing process dispersions, it can be considered that the electric parameters taken into account are specific to a manufacturing and form a signature of the integrated circuits resulting from this manufacturing. [0058]
  • In the example of a measurement of electrical parameters, the signals coming from [0059] network 20 are converted into digital signals by means of an analog-to-digital converter 21 (ADC) and may be multiplexed by a multiplexer 22 (MUX) to form a binary word SP1, stored in a register 23. Word SP1 is thus sensitive to technological and manufacturing process dispersions and represents the hardware signature of the chip.
  • [0060] Converter 21 and multiplexer 22 have been shown in dotted lines since they are optional elements. In particular, converter 21 may be omitted in an embodiment of the physical parameter network directly providing a digital word.
  • Preferably, the electrical parameters measured by means of [0061] network 20 are not always the same. Said network then is programmable. It is parameterized or configured upon each measurement based on a binary word MP, stored in a register 24. Word MP is specific to the integrated circuit chip and may be individualized from one card to another.
  • The measurement of the physical parameters is started by a signal MES coming from a control unit [0062] 25 (CU) of cell 1′. Word SP1 is provided to a combiner 26 (SC) also receiving a binary word SP2 stored in a register 27. The function of circuit 26 is to combine words SP1 and SP2 to provide secret quantity s0, stored in register 4. As a specific example of implementation, the combination performed by combiner 26 may be of the following type:
  • s=((SP[0063] 1−SP2)2+(SP1+SP2)2)2 modulo q, where q is a prime number over k bits. Number s0 then is a k-bit word obtained from words SP1 and SP2 respectively over k1 and k2 bits. Preferably, numbers k1 and k2 of bits of words SP1 and SP2 are equal. This enables maintaining the same difficulty for a possible pirate in the case where a portion SP1 or SP2 of word s0 should be discovered.
  • Like number MP, number SP[0064] 2 is different from one card to another. Combiner 26 guarantees the size of datum s0 and a non-zero value. The use of a quantity SP2 specific to the card guarantees that private key s0 is unique, whatever datum MP provided to physical parameter network 20 for configuration.
  • The forming of a physical parameter network is conventional and is no object of the present invention. It may be, for example, a network of resistances and/or of switchable capacitors associated in parallel and/or in series, the switches being controlled according to configuration signals MP arriving on [0065] network 20. Circuits using a time measurement may also be used. For example, the read/write time of an EEPROM-type memory is measured. An example of a physical parameter network of this type is described in U.S. Pat. No. 5,818,738.
  • [0066] Cell 1′ also includes, like cell 1 of FIG. 2, a combiner 3 of quantity s0 with a signature SIGN contained in register 5. Signature SIGN is calculated by block 7 (CAL). FIG. 3 shows the taking into account of the content of memories external to cell 1′. However, the content of register 4 containing quantity s0 may, here again, be taken into account in the signature.
  • According to the preferred embodiment illustrated in FIG. 3, [0067] cell 1′ further includes a reset circuit 28 (RES, reset or set) of some of its registers. Circuit 28 especially has the function of making the presence of quantities s and s0 in registers 2 and 4 temporary. To guarantee an optimal security, circuit 28 controls the resetting not only of registers 4 and 2, but also of register 23 containing quantity SP1 extracted from network 20 and of register 5 containing signature SIGN of the memories. In other words, the lifetime of private quantity s and/of its components is set from its generation.
  • An advantage of the present invention is that by combining the use of a physical parameter network and/of a signature of the memories to condition at least part of the private quantity, with the use of a temporized reset of the storage elements storing this private quantity, a possible pirate is prevented from discovering the private quantity of the card, for example, by visual examination. [0068]
  • The combinations of parameters MP and SP[0069] 2 conditioning the obtaining of private quantity s0 increase the difficulty of piracy. It should however be noted that the use of such a combination is optional. Circuit 28 is, for example, controlled by a clock CLK triggered by control unit 25 upon arrival of a signal St for triggering the extraction of private quantity s.
  • According to an embodiment of the present invention, applied to the case where a code is typed by the card user, said code may be stored, in a direct or modified manner, in [0070] register 27 to form code SP2. In this case, circuit 28 may also reset register 27 to prevent the permanent presence of code SP2 on the card.
  • Of course, the present invention is likely to have various alterations, modifications, and improvement which will readily occur to those skilled in the art. Although the present invention has been described in relation with a specific authentication process, it applies whatever the envisaged authentication procedure, provided that this procedure generates no specific constraints (except for the length) on the obtaining of the private quantity. [0071]
  • As an example, a so-called SCHNORR protocol described, for example, in above-mentioned work “Applied Cryptography”, pages 510 to 512, or in document U.S. Pat. No. 4,995,082 may be used. [0072]
  • Further, reference has been made to storage registers which may be replaced with any adapted storage element, for example, memories or memory portions, volatile or not according to the type of stored data. Further, the writing into and the reading from these storage elements may be series or parallel. [0073]
  • Finally, although the implementation of the present invention has been described in relation with a hardware example, it may be performed by software means, its practical implementation being within the abilities of those skilled in the art based on the functional indications given hereabove. [0074]

Claims (9)

1. A method for providing a private quantity in an integrated circuit taking part in an authentication procedure by means of an external device taking into account this private quantity, wherein, to check the integrity of at least one associated with the integrated circuit, this private quantity is a combination of a first quantity representing a signature of said memory and of a second quantity obtained, at least partially, from a physical parameter network.
2. The method of claim 1, wherein the signature depends on the content of a program memory of the integrated circuit.
3. The method of claim 1, wherein the signature depends on the content of a non-volatile memory of the integrated circuit.
4. The method of claim 1, wherein the physical parameter network is programmed, at least partially, by a word provided by a storage element.
5. The method of claim 1, wherein the authentication procedure is of symmetrical type, sharing a key with no transmission thereof.
6. The method of claim 5, wherein the authentication method is of a type with public and private keys.
7. A method for authenticating an electronic device by means of an external device taking a private quantity of the electronic device into account, wherein said private quantity is obtained by the implementation of the method of claim 1.
8. An integrated circuit comprising:
a cell for extracting a private quantity; and means for calculating a signature of at least one memory, contained in the integrated circuit or associated therewith, to check the memory integrity.
9. The integrated circuit of claim 8, including means for providing of a private quantity by means of an external device taking into account this private quantity wherein this private quantity is a function of a signature of at least one memory associated with the integrated circuit to check the integrity of said memory.
US10/489,154 2001-09-10 2002-09-10 Authentication protocol with memory integrity verification Expired - Fee Related US7886163B2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
FR0111678 2001-09-10
FR01/11678 2001-09-10
FR0111678A FR2829645A1 (en) 2001-09-10 2001-09-10 Authentication method, e.g. for use with a smart card, whereby a secret quantity or key is delivered to an integrated circuit forming part of an external device or reader used in authentication
PCT/FR2002/003081 WO2003023725A1 (en) 2001-09-10 2002-09-10 Authentication protocol with memory integrity verification

Publications (2)

Publication Number Publication Date
US20040225889A1 true US20040225889A1 (en) 2004-11-11
US7886163B2 US7886163B2 (en) 2011-02-08

Family

ID=8867124

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/489,154 Expired - Fee Related US7886163B2 (en) 2001-09-10 2002-09-10 Authentication protocol with memory integrity verification

Country Status (6)

Country Link
US (1) US7886163B2 (en)
EP (1) EP1436792B1 (en)
JP (1) JP2005503059A (en)
DE (1) DE60223703T2 (en)
FR (1) FR2829645A1 (en)
WO (1) WO2003023725A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012001615A1 (en) * 2010-06-27 2012-01-05 Infinite Memory Ltd. A method, circuit, device and system for authenticating an integrated circuit
US11341489B1 (en) 2016-12-19 2022-05-24 Amazon Technologies, Inc. Multi-path back-end system for payment processing
US11354659B1 (en) * 2016-12-19 2022-06-07 Amazon Technologies, Inc. Securing transaction messages based on a dynamic key selection

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2850479B1 (en) * 2003-01-24 2005-04-29 France Telecom PUBLIC KEY CRYPTOGRAPHIC METHOD FOR PROTECTING A CHIP AGAINST FRAUD
US7725740B2 (en) * 2003-05-23 2010-05-25 Nagravision S.A. Generating a root key for decryption of a transmission key allowing secure communications
FR2875949A1 (en) * 2004-09-28 2006-03-31 St Microelectronics Sa LOCKING AN INTEGRATED CIRCUIT
FR2945134A1 (en) * 2009-04-29 2010-11-05 Bull Sa Machine for testing e.g. flash type memory in cryptographic key generation device, has comparing unit for comparing message with another message and providing validation signal if former message is identical to latter message

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4786790A (en) * 1987-03-04 1988-11-22 Siemens Aktiengesellschaft Data exchange system with authentication code comparator
US5191608A (en) * 1990-09-12 1993-03-02 Gemplus Card International Method for the management of an application program loaded in a microcircuit medium
US5818738A (en) * 1987-10-30 1998-10-06 Gao Gesellschaft Fur Automation Und Organisation Mgh Method for testing the authenticity of a data carrier having an integrated circuit
US6299069B1 (en) * 1997-12-26 2001-10-09 Oki Electric Industry Co. Ltd. Integrated circuit for embedding in smart cards, and method of issuing smart cards
US6453416B1 (en) * 1997-12-19 2002-09-17 Koninklijke Philips Electronics N.V. Secure proxy signing device and method of use
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
US20030046542A1 (en) * 2001-09-04 2003-03-06 Hewlett-Packard Company Method and apparatus for using a secret in a distributed computing system
US6581078B1 (en) * 1999-01-18 2003-06-17 Stmicroelectronics Sa.A. Random number generating circuit and process
US6829628B2 (en) * 2001-05-02 2004-12-07 Portalplayer, Inc. Random number generation method and system
US6925566B1 (en) * 2000-07-07 2005-08-02 Motorola, Inc. Remote system integrity verification
US7017044B1 (en) * 2000-08-02 2006-03-21 Maxtor Corporation Extremely secure method for keying stored contents to a specific storage device
US7380131B1 (en) * 2001-01-19 2008-05-27 Xilinx, Inc. Copy protection without non-volatile memory

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0383985A1 (en) 1989-02-24 1990-08-29 Claus Peter Prof. Dr. Schnorr Method for subscriber identification and for generation and verification of electronic signatures in a data exchange system
FR2716058B1 (en) 1994-02-04 1996-04-12 France Telecom Method of digital signature and authentication of messages using a discrete logarithm.
WO1996010811A1 (en) * 1994-09-30 1996-04-11 Siemens Aktiengesellschaft Process for generating electronic signatures and use of a pseudo-random generator therefor
FR2757979B1 (en) * 1996-12-27 1999-01-29 Gemplus Card Int METHOD FOR DYNAMIC DATA INTERPRETATION FOR A CHIP CARD

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4786790A (en) * 1987-03-04 1988-11-22 Siemens Aktiengesellschaft Data exchange system with authentication code comparator
US5818738A (en) * 1987-10-30 1998-10-06 Gao Gesellschaft Fur Automation Und Organisation Mgh Method for testing the authenticity of a data carrier having an integrated circuit
US5191608A (en) * 1990-09-12 1993-03-02 Gemplus Card International Method for the management of an application program loaded in a microcircuit medium
US6453416B1 (en) * 1997-12-19 2002-09-17 Koninklijke Philips Electronics N.V. Secure proxy signing device and method of use
US6299069B1 (en) * 1997-12-26 2001-10-09 Oki Electric Industry Co. Ltd. Integrated circuit for embedding in smart cards, and method of issuing smart cards
US6581078B1 (en) * 1999-01-18 2003-06-17 Stmicroelectronics Sa.A. Random number generating circuit and process
US6925566B1 (en) * 2000-07-07 2005-08-02 Motorola, Inc. Remote system integrity verification
US7017044B1 (en) * 2000-08-02 2006-03-21 Maxtor Corporation Extremely secure method for keying stored contents to a specific storage device
US7380131B1 (en) * 2001-01-19 2008-05-27 Xilinx, Inc. Copy protection without non-volatile memory
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
US6829628B2 (en) * 2001-05-02 2004-12-07 Portalplayer, Inc. Random number generation method and system
US20030046542A1 (en) * 2001-09-04 2003-03-06 Hewlett-Packard Company Method and apparatus for using a secret in a distributed computing system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012001615A1 (en) * 2010-06-27 2012-01-05 Infinite Memory Ltd. A method, circuit, device and system for authenticating an integrated circuit
US11341489B1 (en) 2016-12-19 2022-05-24 Amazon Technologies, Inc. Multi-path back-end system for payment processing
US11354659B1 (en) * 2016-12-19 2022-06-07 Amazon Technologies, Inc. Securing transaction messages based on a dynamic key selection

Also Published As

Publication number Publication date
FR2829645A1 (en) 2003-03-14
EP1436792B1 (en) 2007-11-21
DE60223703D1 (en) 2008-01-03
EP1436792A1 (en) 2004-07-14
JP2005503059A (en) 2005-01-27
WO2003023725A1 (en) 2003-03-20
DE60223703T2 (en) 2008-10-30
US7886163B2 (en) 2011-02-08

Similar Documents

Publication Publication Date Title
US7945791B2 (en) Protected storage of a datum in an integrated circuit
US7904731B2 (en) Integrated circuit that uses a dynamic characteristic of the circuit
KR101395749B1 (en) Method for creating a secure counter on an on-board computer system comprising a chip card
JP3433258B2 (en) How to generate a digital signature for smart cards
CN100356342C (en) Information processing unit
US7796759B2 (en) Diversification of a single integrated circuit identifier
US7191340B2 (en) Generation of a secret quantity based on an identifier of an integrated circuit
US7827413B2 (en) Extraction of a private datum to authenticate an integrated circuit
US7941672B2 (en) Regeneration of a secret quantity from an intergrated circuit identifier
US7886163B2 (en) Authentication protocol with memory integrity verification
Karageorgos et al. Chip-to-chip authentication method based on SRAM PUF and public key cryptography
EP3865997B1 (en) System and method for generating and authenticating a physically unclonable function
US10425233B2 (en) Method for automatically verifying a target computer file with respect to a reference computer file
JP4162166B2 (en) IC card with variable response time
RU2552181C2 (en) Device for protection from piracy and falsification of integrated circuits
Maes et al. Process variations for security: Pufs

Legal Events

Date Code Title Description
AS Assignment

Owner name: STMICROELECTRONICS S.A., FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WUIDART, LUC;BALTHAZAR, PIERRE;REEL/FRAME:015531/0310

Effective date: 20040223

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552)

Year of fee payment: 8

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20230208